So I just dropped my N900 on the floor and the screen doesn't work any more. RIP.

What should I replace it with? My wants are light -- I haven't made the full switch from grad student mode to realizing that I have money that can be exchanged for goods and services, so I haven't had a data plan and may or may not get one now (though probably will in a year or two if not now). I do want a smart phone for web browsing on wi-fi as well as MP3 playing, and a camera would be nice. No iPhone.

My primary desire is something that I can rely on getting updates for for a long time. Bear in mind that the N900 was released almost 6 years ago, and I'd have continued to use it for the forseeable future had I not cracked the screen. I don't want some locked-down POS where I'm relying on the manufacturer or carrier to deliver security fixes, for instance.

i don't really have any specific phone suggestions, but if you don't want to have to rely on the manufacturer or carrier for updates, you'll probably want one of the more popular android phones. cyanogenmod is a fairly popular android distribution that's independent of the manufacturers and carriers, and you can find a list of the devices that they support at https://download.cyanogenmod.org/.

Thanks; I think I'll make Cyanogenmod support a priority if I go Android. I'm also considering Windows Phone, actually. Anyone know what the update situation is with that? (I.e. suppose I trust MS to provide updates in a timely manner but don't trust the actual device manufacturer or AT&T to pass those along.)

Well, for Android, if you care about updates (and you should!) any of the Nexus phones are a good choice (some might argue the only choice, because Google pushes the updates to them directly; for all other phones you are at the mercy of the OEM for updates).

If you have a specialized need (for example, I do artwork and need the stylus, so I always go with some variation of the Galaxy Note) then it can make sense to go with something other than Nexus, but if you don't have any special requirements and just want a decent phone that gets updates reliably (and will get updates for some significant time into the future) then Nexus is a good option.

Haven't used Windows Phone, so I can't say... in general Microsoft has a pretty decent track record with updates, at least when it comes to patching security holes and the like. But take that with a grain of salt, because I'm just speaking from my experience with other Microsoft products.

iPhone is pretty good when it comes to updates for older devices (not stellar, but better than almost all non-Nexus Android devices). But they are a bit pricey and not customizable, so they're not for everyone, which I guess is probably why you said "no iPhone".

Personally, I have an iPhone for phone purposes and and Galaxy Note Pro 12.2" tablet for tablet purposes. But if I had an Android device as my phone device, I'd probably go with a Nexus. For me, one of the most important criteria in a cell phone device is reliability when it comes to basic communications (it needs to work in an emergency), and for that regular security updates are a must. I'm really hoping Google and OEMs find a way to solve the update problem in the future.

I've got Ting, and its pretty good if you don't care about the latest and greatest phones on Sprint. They now have a contract with T-Mobile for GSM / Sim Card connections. With all providers, YMMV, but I've managed to keep costs below $30 most of the time, which occasionally spikes to $35 when I use up more than 100MB/month.

They are basically a pay-as-you-go provider. Since if you buy a very large plan, they refund you what you didn't use for the month (it's on a "bucket" scale though. So if you buy the 500 minutes plan and use 99 minutes, they only charge you for 100 minutes. If you go 101 minutes, they charge you for 500 minutes). In any case, Ting works for me based on my usage, and they've been pretty good about customer support and all that good stuff.

My bill is realistically $22/month after taxes, since I rarely use more than 100 minutes / texts / 100MB per month (~$7/month in taxes fyi in my case). When I do (typically on beech trips when I use GPS a lot more or watch an episode or two of Anime through streaming), I still hit less than 500MB and my bill only rises to $35 or so.

--------------------

As for phones I've been looking at... I've been looking at Blackberries recently. I'm a physical keyboard fan, and Blackberry is the only provider of those now . BlackBerry Passport is on AT&T though, I'm not sure if it'd work on Ting. BlackBerry Passport is intriguing to me because it allegedly supports Android apps (Through Amazon's marketplace).

As for phones in general, the flagships all seem overpriced and overrated. The cheaper designs like the Moto E sing true however. Moto E remains on the latest version of Android, and the weaker CPU and lower resolution screen leads to longer battery life.

Similarly, I'd consider the lower end Lumia 640 Dual-SIM from the Windows side.

Blackberry Passport is the only "flagship" I'd consider for myself... mostly because the keyboard design and size looks somewhat practical. I'd much prefer a slider, but my current phone (Motorola Photon Q from Aug 2012) is literally the highest-end slider phone for Androids right now (newer, lower-spec phones do exist). With that new remote-exploit security flaw going around the internet since Blackhat, I've been a bit creeped out. The Motorola Photon Q hasn't had an update for years now, so I'm vulnerable without any upgrade path.

Thanks, everyone. I decided in the end to go WinMo, and got the Lumia 640. It was inexpensive enough that if I decide I hate it, I won't feel awful about getting a new one, and I can take more time to decide.

Stagefright can hack your phone with an MMS... that is so carefully crafted that your phone never realized you even got the text message to begin with.

Once hacked, Android Rootkits can be installed and access your emails, text messaging, and so forth. If you do banking, trading, or other financial stuff on your smartphone, then those accounts are at risk of being compromised. The only solution is to hope that your Android has gotten an update package to the latest version of Android.

The really sneaky part is you don't need to watch the playful cats. If you're using Google's Hangouts app, you don't even need to open your text message app. All the attacker needs to do is send a poisoned package to your phone number. It then opens up your device, and the attack starts. This can happen so fast that by the time your phone alerts you that a message has arrived, you've already been hacked. If, on the other hand, you're using Android's standard Messenger app you must open the text message -- but not necessarily watch the video -- to get hacked.

Stagefright can hack your phone with an MMS... that is so carefully crafted that your phone never realized you even got the text message to begin with.

Once hacked, Android Rootkits can be installed and access your emails, text messaging, and so forth. If you do banking, trading, or other financial stuff on your smartphone, then those accounts are at risk of being compromised. The only solution is to hope that your Android has gotten an update package to the latest version of Android.

I'm really hope they'll (Google, service providers etc) come up with a better solution than "hey, if every one could go ahead and update your OS that'd be great!"That is a pretty piss poor solution to a problem that could potentially shut down most cell phones on earth.

Stagefright can hack your phone with an MMS... that is so carefully crafted that your phone never realized you even got the text message to begin with.

Once hacked, Android Rootkits can be installed and access your emails, text messaging, and so forth. If you do banking, trading, or other financial stuff on your smartphone, then those accounts are at risk of being compromised. The only solution is to hope that your Android has gotten an update package to the latest version of Android.

Minor terminology pet peeve: The article is wrong; it's not Stagefright that does the hacking. It's Stagefright that's getting hacked. Stagefright is a core component of Android OS that's used for playing video. It has a weakness that can be exploited by malware (which may or may not even exist yet, but at any rate isn't called "Stagefright"). So if you see a component running on your phone called "Stagefright" it doesn't mean you've been hacked (you still might have been); it just means you're running Android.

billy joule wrote:I'm really hope they'll (Google, service providers etc) come up with a better solution than "hey, if every one could go ahead and update your OS that'd be great!"That is a pretty piss poor solution to a problem that could potentially shut down most cell phones on earth.

Actually, "hey, if every one could go ahead and update your OS that'd be great!" would be an awesome solution compared to the reality which is that most people won't even have the option of updating their OS. Yeah, that's right: For most people, there is no solution for this vulnerability.

Nexus users are in luck; Google says they will push an update this week (and if automatic updates are turned on, you might not even need to take any action to be safe). But for non-Nexus devices, it's out of Google's hands. They provide the patch to the OEM and the OEM has to distribute it via an OTA update, which for some devices may never happen. As a Galaxy Note user, I'm hoping Samsung pushes the update fast (and since it's just a patch, and since Samsung makes a big deal about security, I do have some hope for that). But if your device manufacturer doesn't push an update, pretty much the only way to be safe is to root your phone. (Turning of automatic download of MMS messages does make it a bit safer, but it's not a foolproof solution...)

Stagefright can hack your phone with an MMS... that is so carefully crafted that your phone never realized you even got the text message to begin with.

Once hacked, Android Rootkits can be installed and access your emails, text messaging, and so forth. If you do banking, trading, or other financial stuff on your smartphone, then those accounts are at risk of being compromised. The only solution is to hope that your Android has gotten an update package to the latest version of Android.

Minor terminology pet peeve: The article is wrong; it's not Stagefright that does the hacking. It's Stagefright that's getting hacked. Stagefright is a core component of Android OS that's used for playing video. It has a weakness that can be exploited by malware (which may or may not even exist yet, but at any rate isn't called "Stagefright"). So if you see a component running on your phone called "Stagefright" it doesn't mean you've been hacked (you still might have been); it just means you're running Android.

If I knew more about this issue, I'd be pissed off at the terminology screw up too.

Thanks for the correction.

Yeah, that's right: For most people, there is no solution for this vulnerability.

Exactly. Which is why I'm contemplating upgrading my phone... even though it is perfectly functional. These kinds of vulnerabilities bother me and I'm sad that I have no upgrade option.

KnightExemplar wrote:If I knew more about this issue, I'd be pissed off at the terminology screw up too.

Thanks for the correction.

The mistake is everywhere, even in major publications.

To be fair, Stagefright is kind of an unfortunate name choice: it does sound like something that would be malware. So I can understand the confusion.

But to be fair to Google, it's an internal component and I don't think they ever intended for users to hear the name.

KnightExemplar wrote:

Yeah, that's right: For most people, there is no solution for this vulnerability.

Exactly. Which is why I'm contemplating upgrading my phone... even though it is perfectly functional. These kinds of vulnerabilities bother me and I'm sad that I have no upgrade option.

I don't blame you. I think it's probably worth shutting off automatic download of MMS and waiting a week or two to see if there's an OEM patch, just in case, but if not, I don't think upgrading would be an overreaction. I've got an old Galaxy Note 2 that I just use for sketching and taking notes in meetings, and at the moment, I'm just leaving it in airplane mode except when I turn on wi-fi to sync my notes (I don't get any messages or do any browsing on it; it doesn't even have a SIM card). I don't have a lot of hope for an update, because it's quite old, so at this point I'm strongly considering rooting it, as an alternative to retiring it all together. Maybe I'm paranoid, but... I don't like taking chances with personal data. It's annoying, because (as you say) it's perfectly functional. If I actually needed to use it as a phone, I'd probably be going a bit crazy now.